fix: crud user

controllers/auth.controller.js

@@ -1,6 +1,6 @@
 const AuthService = require('../services/auth.service');
-const { registerSchema, loginSchema } = require('../validate/auth.schema');
 const { setResponse, checkValidate } = require('../helpers/utils');
+const { registerSchema, loginSchema } = require('../validate/auth.schema');
 const { createCaptcha } = require('../utils/captcha');
 
 class AuthController {
@@ -12,30 +12,21 @@ class AuthController {
       return res.status(400).json(setResponse(error, 'Validation failed', 400));
     }
 
-    if (value.phone && value.phone.startsWith('0')) {
+    // Format nomor HP Indonesia
-      value.phone = '+62' + value.phone.slice(1);
+    if (value.user_phone && value.user_phone.startsWith('0')) {
+      value.user_phone = '+62' + value.user_phone.slice(1);
     }
 
-    const { user, tokens } = await AuthService.register(value);
+    const results = await AuthService.register(value);
-
-    // Set refresh token di cookie
-    res.cookie('refreshToken', tokens.refreshToken, {
-      httpOnly: true,
-      secure: false, // masih dev
-      sameSite: 'lax',
-      maxAge: 7 * 24 * 60 * 60 * 1000 // 7 hari
-    });
 
     const response = await setResponse(
       {
-        user: { ...user, approved: false },
+        user: { ...results.user, approved: false },
-        accessToken: tokens.accessToken
       },
-      'User registered successfully. Waiting for admin approval.',
+      'User registered successfully. Waiting for admin approval.'
-      201
     );
 
-    return res.status(response.statusCode).json(response);
+    res.status(response.statusCode).json(response);
   }
 
   // Login
@@ -46,32 +37,25 @@ class AuthController {
       return res.status(400).json(setResponse(error, 'Validation failed', 400));
     }
 
-    const { identifier, password, captcha, captchaText } = value;
+    const results = await AuthService.login(value);
 
-    if (!captcha || captcha.toLowerCase() !== captchaText.toLowerCase()) {
+    // Simpan refresh token di cookie
-      return res.status(400).json(setResponse([], 'Invalid captcha', 400));
+    res.cookie('refreshToken', results.tokens.refreshToken, {
-    }
-
-    const { user, tokens } = await AuthService.login({ identifier, password });
-
-    // Set refresh token di cookie
-    res.cookie('refreshToken', tokens.refreshToken, {
       httpOnly: true,
-      secure: false, // masih dev
+      secure: false,
       sameSite: 'lax',
-      maxAge: 7 * 24 * 60 * 60 * 1000 // 7 hari
+      maxAge: 7 * 24 * 60 * 60 * 1000
     });
 
     const response = await setResponse(
       {
-        user: { ...user, approved: true },
+        user: { ...results.user, approved: true },
-        accessToken: tokens.accessToken
+        accessToken: results.tokens.accessToken
       },
-      'Login successful',
+      'Login successful'
-      200
     );
 
-    return res.status(response.statusCode).json(response);
+    res.status(response.statusCode).json(response);
   }
 
   // Refresh Token
@@ -82,10 +66,10 @@ class AuthController {
       return res.status(401).json(setResponse(null, 'Refresh token is required', 401));
     }
 
-    const result = await AuthService.refreshToken(refreshToken);
+    const results = await AuthService.refreshToken(refreshToken);
-    const response = await setResponse(result, 'Token refreshed successfully', 200);
+    const response = await setResponse(results, 'Token refreshed successfully');
 
-    return res.status(response.statusCode).json(response);
+    res.status(response.statusCode).json(response);
   }
 
   // Logout
@@ -96,19 +80,19 @@ class AuthController {
       secure: true
     });
 
-    const response = await setResponse(null, 'Logged out successfully', 200);
+    const response = await setResponse(null, 'Logged out successfully');
-    return res.status(response.statusCode).json(response);
+    res.status(response.statusCode).json(response);
   }
 
   // Captcha
   static async generateCaptcha(req, res) {
     const { svg, text } = createCaptcha();
 
-    // munculkan di header untuk keperluan dev
+    // Tampilkan captcha di header untuk dev
     res.setHeader('X-Captcha-Text', text);
 
-    const response = await setResponse({ svg, text }, 'Captcha generated', 200);
+    const response = await setResponse({ svg, text }, 'Captcha generated');
-    return res.status(response.statusCode).json(response);
+    res.status(response.statusCode).json(response);
   }
 }
 

controllers/users.controller.js

@@ -1,6 +1,6 @@
-const UserService = require('../services/user.service');
+const UserService = require("../services/user.service");
-const { setResponse, setResponsePaging, checkValidate } = require('../helpers/utils');
+const { setResponse, setResponsePaging, checkValidate } = require("../helpers/utils");
-const { userSchema, newPasswordSchema } = require('../validate/user.schema');
+const { userSchema, updateUserSchema, newPasswordSchema } = require("../validate/user.schema");
 
 class UserController {
   // Get all users
@@ -8,7 +8,7 @@ class UserController {
     const queryParams = req.query;
 
     const results = await UserService.getAllUsers(queryParams);
-    const response = await setResponsePaging(queryParams, results, 'Users retrieved successfully');
+    const response = await setResponsePaging(queryParams, results, 'Users found');
 
     res.status(response.statusCode).json(response);
   }
@@ -18,7 +18,7 @@ class UserController {
     const { id } = req.params;
 
     const results = await UserService.getUserById(id);
-    const response = await setResponse(results, 'User retrieved successfully');
+    const response = await setResponse(results, 'User found');
 
     res.status(response.statusCode).json(response);
   }
@@ -42,13 +42,14 @@ class UserController {
   // Update user
   static async update(req, res) {
     const { id } = req.params;
-    const { error, value } = await checkValidate(userSchema, req);
+
+    const { error, value } = await checkValidate(updateUserSchema, req);
 
     if (error) {
       return res.status(400).json(setResponse(error, 'Validation failed', 400));
     }
 
-    value.updated_by = req.user.user_id;
+    value.userId = req.user.user_id;
 
     const results = await UserService.updateUser(id, value);
     const response = await setResponse(results, 'User updated successfully');
@@ -56,6 +57,17 @@ class UserController {
     res.status(response.statusCode).json(response);
   }
 
+  // Approve user
+  static async approve(req, res) {
+    const { id } = req.params;
+    const approverId = req.user.user_id;
+
+    const updatedUser = await UserService.approveUser(id, approverId);
+    const response = await setResponse(updatedUser, 'User approved successfully');
+
+    return res.status(response.statusCode).json(response);
+  }
+
   // Soft delete user
   static async delete(req, res) {
     const { id } = req.params;
@@ -66,7 +78,7 @@ class UserController {
     res.status(response.statusCode).json(response);
   }
 
-  // Change user password
+  // Change password
   static async changePassword(req, res) {
     const { id } = req.params;
     const { error, value } = await checkValidate(newPasswordSchema, req);
@@ -80,25 +92,6 @@ class UserController {
 
     res.status(response.statusCode).json(response);
   }
-
-  // Get all status users
-  static async getAllStatus(req, res) {
-    const results = await UserService.getAllStatusUsers();
-    const response = await setResponse(results, 'Status list retrieved successfully');
-
-    res.status(response.statusCode).json(response);
-  }
-
-  // Approve user
-  static async approve(req, res) {
-    const { id } = req.params;
-    const approverId = req.user?.user_id || null;
-
-    const results = await UserService.approveUser(id, approverId);
-    const response = await setResponse(results, 'User approved successfully');
-
-    res.status(response.statusCode).json(response);
-  }
 }
 
 module.exports = UserController;

db/user.db.js

@@ -132,6 +132,22 @@ const updateUserDb = async (userId, data) => {
   return getUserByIdDb(userId);
 };
 
+const approveUserDb = async (userId, approverId) => {
+  const queryText = `
+    UPDATE m_users
+    SET 
+      is_approve = 1,
+      approved_by = $1,
+      approved_at = CURRENT_TIMESTAMP,
+      updated_by = $1,
+      updated_at = CURRENT_TIMESTAMP
+    WHERE user_id = $2 AND deleted_at IS NULL
+  `;
+  await pool.query(queryText, [approverId, userId]);
+  return true; // simple, cuma tanda berhasil
+};
+
+
 // Change user password
 const changeUserPasswordDb = async (userId, newPassword) => {
   const queryText = `
@@ -165,6 +181,7 @@ module.exports = {
   getUserByUsernameDb,
   createUserDb,
   updateUserDb,
+  approveUserDb,
   changeUserPasswordDb,
   deleteUserDb,
 };

routes/users.route.js

@@ -20,7 +20,4 @@ router.route('/change-password/:id')
 router.route('/:id/approve')
   .put(verifyToken.verifyAccessToken, verifyAccess(), UserController.approve);
 
-router.route('/status/all')
-  .get(verifyToken.verifyAccessToken, UserController.getAllStatus);
-
 module.exports = router;

services/auth.service.js

@@ -9,72 +9,66 @@ const JWTService = require('../utils/jwt');
 
 class AuthService {
   // Register
-  static async register({ fullname, name, email, phone, password }) {
+  static async register(data) {
     try {
-      const existingUser = await getUserByUserEmailDb(email);
+      const existingEmail = await getUserByUserEmailDb(data.user_email);
-      if (existingUser) {
+      const existingUsername = await getUserByUsernameDb(data.user_name);
-        throw new ErrorHandler(400, 'Email already registered');
+
+      if (existingUsername) {
+        throw new ErrorHandler(400, 'Username is already taken');
+      }
+      if (existingEmail) {
+        throw new ErrorHandler(400, 'Email is already taken');
       }
 
-      const hashedPassword = await hashPassword(password);
+      const hashedPassword = await hashPassword(data.user_password);
 
       const userId = await createUserDb({
-        user_fullname: fullname,
+        user_fullname: data.user_fullname,
-        user_name: name,
+        user_name: data.user_name,
-        user_email: email,
+        user_email: data.user_email,
-        user_phone: phone,
+        user_phone: data.user_phone,
         user_password: hashedPassword,
-        role_id: null,
-        is_sa: 0,
-        is_active: 1,
-        is_approve: 0,
-        approved_by: null,
-        approved_at: null
       });
 
       const newUser = {
         user_id: userId,
-        user_fullname: fullname,
+        user_fullname: data.user_fullname,
-        user_name: name,
+        user_name: data.user_name,
-        user_email: email,
+        user_email: data.user_email,
-        user_phone: phone
+        user_phone: data.user_phone
       };
 
-      const tokens = JWTService.generateTokenPair(newUser);
+      return { user: newUser };
-
-      return { user: newUser, tokens };
     } catch (error) {
       throw new ErrorHandler(error.statusCode, error.message);
     }
   }
 
   // Login
-  static async login({ identifier, password }) {
+  static async login(data) {
     try {
-      let user;
+      const { identifier, password, captcha, captchaText } = data;
 
+      if (!captcha || captcha.toLowerCase() !== captchaText.toLowerCase()) {
+        throw new ErrorHandler(400, 'Invalid captcha');
+      }
+
+      let user;
       if (identifier.includes('@')) {
         user = await getUserByUserEmailDb(identifier);
       } else {
         user = await getUserByUsernameDb(identifier);
       }
 
-      if (!user) {
+      if (!user) throw new ErrorHandler(401, 'Invalid credentials');
-        throw new ErrorHandler(401, 'Invalid credentials');
-      }
 
       const passwordMatch = await comparePassword(password, user.user_password);
-      if (!passwordMatch) {
+      if (!passwordMatch) throw new ErrorHandler(401, 'Invalid credentials');
-        throw new ErrorHandler(401, 'Invalid credentials');
-      }
 
-      if (!user.is_active) {
+      if (!user.is_active) throw new ErrorHandler(403, 'User is inactive');
-        throw new ErrorHandler(403, 'User is inactive');
+      if (!user.is_approve)
-      }
-
-      if (!user.is_approve) {
         throw new ErrorHandler(403, 'Your account has not been approved by admin yet.');
-      }
 
       const payload = {
         user_id: user.user_id,
@@ -88,7 +82,6 @@ class AuthService {
       };
 
       const tokens = JWTService.generateTokenPair(payload);
-
       return { user: payload, tokens };
     } catch (error) {
       throw new ErrorHandler(error.statusCode, error.message);
@@ -98,10 +91,6 @@ class AuthService {
   // Refresh Token
   static async refreshToken(refreshToken) {
     try {
-      if (!refreshToken) {
-        throw new ErrorHandler(401, 'Refresh token is required');
-      }
-
       let decoded;
       try {
         decoded = JWTService.verifyRefreshToken(refreshToken);

services/user.service.js

@@ -1,174 +1,151 @@
-const { 
+const {
-  createUserDb,
-  getUserByIdDb,
   getAllUsersDb,
+  getUserByIdDb,
+  getUserByUserEmailDb,
   getUserByUsernameDb,
+  createUserDb,
   updateUserDb,
+  approveUserDb,
   deleteUserDb,
   changeUserPasswordDb
 } = require('../db/user.db');
 const { hashPassword } = require('../helpers/hashPassword');
 const { ErrorHandler } = require('../helpers/error');
 
-const statusName = [
-  { status: true, status_name: "Aktif" },
-  { status: false, status_name: "NonAktif" }
-];
-
 class UserService {
 
-  // Get all status users
-  getAllStatusUsers = async () => {
-    try {
-      return statusName;
-    } catch (error) {
-      throw new ErrorHandler(error.statusCode || 500, error.message);
-    }
-  };
-
   // Get all users
-  getAllUsers = async () => {
+  static async getAllUsers(param) {
     try {
-      const results = await getAllUsersDb();
+      const results = await getAllUsersDb(param);
-
-      results.forEach(user => {
-        user.is_active = user.is_active == 1;
-        user.is_active_name = statusName.find(s => s.status === user.is_active)?.status_name;
-        delete user.user_password; // remove password
-      });
-
       return results;
     } catch (error) {
-      throw new ErrorHandler(error.statusCode || 500, error.message);
+      throw new ErrorHandler(error.statusCode, error.message);
     }
-  };
+  }
 
   // Get user by ID
-  getUserById = async (id) => {
+  static async getUserById(id) {
     try {
-      const user = await getUserByIdDb(id);
+      const result = await getUserByIdDb(id);
-      if (!user) throw new ErrorHandler(404, "User not found");
 
-      user.is_active = user.is_active == 1;
+      if (!result) throw new ErrorHandler(404, 'User not found');
-      user.is_active_name = statusName.find(s => s.status === user.is_active)?.status_name;
+
-      delete user.user_password;
+      return result;
-      return user;
     } catch (error) {
-      throw new ErrorHandler(error.statusCode || 500, error.message);
+      throw new ErrorHandler(error.statusCode, error.message);
     }
-  };
+  }
 
-  // Create users
+  // Create user
-  createUser = async ({ fullname, name, email, phone, password, role_id = null, is_sa = 0, is_active = 1, approved_by }) => {
+  static async createUser(data) {
     try {
-      const existingUser = await getUserByUsernameDb(name);
+      if (!data || typeof data !== 'object') data = {};
-      if (existingUser) throw new ErrorHandler(400, "Username already taken");
 
-      const hashedPassword = await hashPassword(password);
+      const creatorId = data.userId;
 
-      const userId = await createUserDb({
+      const existingEmail = await getUserByUserEmailDb(data.user_email);
-        user_fullname: fullname,
+      const existingUsername = await getUserByUsernameDb(data.user_name);
-        user_name: name,
-        user_email: email,
-        user_phone: phone,
-        user_password: hashedPassword,
-        role_id,
-        is_sa,
-        is_active,
-        is_approve: 1,
-        approved_by,
-        approved_at: new Date()
-      });
 
-      return {
+      if (existingUsername) {
-        user_id: userId,
+        throw new ErrorHandler(400, 'Username is already taken');
-        user_fullname: fullname,
+      }
-        user_name: name,
+      if (existingEmail) {
-        user_email: email,
+        throw new ErrorHandler(400, 'Email is already taken');
-        user_phone: phone,
-        role_id,
-        is_sa,
-        is_active,
-        is_approve: 1,
-        approved_by
-      };
-    } catch (error) {
-      throw new ErrorHandler(error.statusCode || 500, error.message);
-    }
-  };
-
-  // Update user
-  updateUser = async ({ user_id, fullname, name, email, phone, role_id, is_sa, is_active, is_approve, updatedById }) => {
-    try {
-      const user = await getUserByIdDb(user_id);
-      if (!user) throw new ErrorHandler(404, "User not found");
-
-      // Cek username
-      if (name && user.user_name.toLowerCase() !== name.toLowerCase()) {
-        const userByName = await getUserByUsernameDb(name);
-        if (userByName) throw new ErrorHandler(400, "Username already taken");
       }
 
-      const updateData = {
+      if (data.user_password) {
-        ...(fullname && { user_fullname: fullname }),
+        data.user_password = await hashPassword(data.user_password);
-        ...(name && { user_name: name }),
+      }
-        ...(email && { user_email: email }),
-        ...(phone && { user_phone: phone }),
-        ...(role_id !== undefined && { role_id }),
-        ...(updatedById !== undefined && { updated_by: updatedById })
-      };
 
-      await updateUserDb(user_id, updateData);
+      data.is_approve = 1;
+      data.approved_by = creatorId;
+      data.created_by = creatorId;
+      data.updated_by = creatorId;
+      data.is_sa = 0;
+      data.is_active = 1;
+      delete data.userId;
 
-      const updatedUser = await getUserByIdDb(user_id);
+      const result = await createUserDb(data);
-      delete updatedUser.user_password;
+      return result;
-      updatedUser.is_active = updatedUser.is_active == 1;
-      updatedUser.is_active_name = statusName.find(s => s.status === updatedUser.is_active)?.status_name;
-
-      return updatedUser;
     } catch (error) {
       throw new ErrorHandler(error.statusCode || 500, error.message);
     }
-  };
+  }
+
+  // Update user
+  static async updateUser(id, data) {
+    try {
+      if (!data || typeof data !== 'object') data = {};
+
+      const existingEmail = await getUserByUserEmailDb(data.user_email);
+      const existingUsername = await getUserByUsernameDb(data.user_name);
+
+      if (existingUsername) {
+        throw new ErrorHandler(400, 'Username is already taken');
+      }
+      if (existingEmail) {
+        throw new ErrorHandler(400, 'Email is already taken')
+      }
+
+      const userExist = await getUserByIdDb(id);
+      if (!userExist) throw new ErrorHandler(404, 'User not found');
+
+      const result = await updateUserDb(id, data);
+      return result;
+    } catch (error) {
+      throw new ErrorHandler(error.statusCode, error.message);
+    }
+  }
 
   // Approve user
-  approveUser = async (userId, approverId) => {
+  static async approveUser(userId, approverId) {
     try {
-      const updateData = {
+      if (!userId) {
-        is_approve: 1,
+        throw new ErrorHandler(400, 'User ID is required');
-        approved_by: approverId,
+      }
-        approved_at: new Date()
-      };
-      await updateUserDb(userId, updateData);
 
-      const updatedUser = await getUserByIdDb(userId);
+      const existingUser = await getUserByIdDb(userId);
-      delete updatedUser.user_password;
+      if (!existingUser) {
+        throw new ErrorHandler(404, 'User not found');
+      }
+
+      if (existingUser.is_approve) {
+        throw new ErrorHandler(400, 'User is already approved');
+      }
+
+      const updatedUser = await approveUserDb(userId, approverId);
       return updatedUser;
     } catch (error) {
       throw new ErrorHandler(error.statusCode || 500, error.message);
     }
-  };
+  }
 
-  // Delete user (soft delete)
+  // Soft delete user
-  deleteUser = async (userId, deletedBy) => {
+  static async deleteUser(id, userId) {
     try {
-      await deleteUserDb(userId, deletedBy);
+      const userExist = await getUserByIdDb(id);
-      return { message: "User deleted successfully" };
+      if (!userExist) throw new ErrorHandler(404, 'User not found');
+
+      const result = await deleteUserDb(id, userId);
+      return result;
     } catch (error) {
-      throw new ErrorHandler(error.statusCode || 500, error.message);
+      throw new ErrorHandler(error.statusCode, error.message);
     }
-  };
+  }
 
   // Change password
-  changeUserPassword = async (user_Id, new_Password) => {
+  static async changeUserPassword(id, newPassword) {
     try {
-      const hashedPassword = await hashPassword(new_Password);
+      const userExist = await getUserByIdDb(id);
-      await changeUserPasswordDb(user_Id, hashedPassword);
+      if (!userExist) throw new ErrorHandler(404, 'User not found');
-      return { message: "Password updated successfully" };
+
+      const result = await changeUserPasswordDb(id, newPassword);
+      return result;
     } catch (error) {
-      throw new ErrorHandler(error.statusCode || 500, error.message);
+      throw new ErrorHandler(error.statusCode, error.message);
     }
-  };
+  }
 }
 
-module.exports = new UserService();
+module.exports = UserService;

validate/auth.schema.js

@@ -4,17 +4,17 @@ const Joi = require("joi");
 // Auth Validation
 // ========================
 const registerSchema = Joi.object({
-  fullname: Joi.string().min(3).max(100).required(),
+  user_fullname: Joi.string().min(3).max(100).required(),
-  name: Joi.string().alphanum().min(3).max(50).required(),
+  user_name: Joi.string().alphanum().min(3).max(50).required(),
-  email: Joi.string().email().required(),
+  user_email: Joi.string().email().required(),
-  phone: Joi.string()
+  user_phone: Joi.string()
     .pattern(/^(?:\+62|0)8\d{7,10}$/)
     .required()
     .messages({
       'string.pattern.base':
         'Phone number must be a valid Indonesian number in format +628XXXXXXXXX'
     }),
-  password: Joi.string()
+  user_password: Joi.string()
     .min(8)
     .pattern(/[A-Z]/, 'uppercase letter')
     .pattern(/[a-z]/, 'lowercase letter')

validate/user.schema.js

@@ -4,17 +4,17 @@ const Joi = require("joi");
 // Users Validation
 // ========================
 const userSchema = Joi.object({
-  fullname: Joi.string().min(3).max(100).required(),
+  user_fullname: Joi.string().min(3).max(100).required(),
-  name: Joi.string().alphanum().min(3).max(50).required(),
+  user_name: Joi.string().alphanum().min(3).max(50).required(),
-  email: Joi.string().email().required(),
+  user_email: Joi.string().email().required(),
-  phone: Joi.string()
+  user_phone: Joi.string()
     .pattern(/^(?:\+62|0)8\d{7,10}$/)
     .required()
     .messages({
       'string.pattern.base':
         'Phone number must be a valid Indonesian number in format +628XXXXXXXXX'
     }),
-  password: Joi.string()
+  user_password: Joi.string()
     .min(8)
     .pattern(/[A-Z]/, 'uppercase letter')
     .pattern(/[a-z]/, 'lowercase letter')
@@ -28,6 +28,19 @@ const userSchema = Joi.object({
   role_id: Joi.number().integer().min(1)
 });
 
+const updateUserSchema = Joi.object({
+  user_fullname: Joi.string().min(3).max(100),
+  user_name: Joi.string().alphanum().min(3).max(50),
+  user_email: Joi.string().email(),
+  user_phone: Joi.string()
+    .pattern(/^(?:\+62|0)8\d{7,10}$/)
+    .messages({
+      'string.pattern.base':
+        'Phone number must be a valid Indonesian number in format +628XXXXXXXXX'
+    }),
+  role_id: Joi.number().integer().min(1)
+}).min(1);
+
 const newPasswordSchema = Joi.object({
   new_password: Joi.string()
     .min(8)
@@ -45,4 +58,5 @@ const newPasswordSchema = Joi.object({
 module.exports = {
     userSchema,
     newPasswordSchema,
+    updateUserSchema
 };